Blob Blame History Raw
From 34e115c1a9657f07ed8a39b81c6b21fba1faa319 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 29 Jan 2019 18:12:15 +0100
Subject: [PATCH] object: Avoid obj_ops array overrun

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1661327
Upstream Status: libnftnl commit 16c44d9f42170

commit 16c44d9f42170264c4d484478c76e940951f1b70
Author: Phil Sutter <phil@nwl.cc>
Date:   Thu Dec 20 21:03:27 2018 +0100

    object: Avoid obj_ops array overrun

    In version 1.1.1, obj_ops array was smaller than __NFT_OBJECT_MAX since
    there are no ops for NFT_OBJECT_CONNLIMIT. Avoid this potential issue in
    the future by defining the array size.

    Signed-off-by: Phil Sutter <phil@nwl.cc>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/object.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/object.c b/src/object.c
index d8278f3..7fb9bab 100644
--- a/src/object.c
+++ b/src/object.c
@@ -25,7 +25,7 @@
 #include <buffer.h>
 #include "obj.h"
 
-static struct obj_ops *obj_ops[] = {
+static struct obj_ops *obj_ops[__NFT_OBJECT_MAX] = {
 	[NFT_OBJECT_COUNTER]	= &obj_ops_counter,
 	[NFT_OBJECT_QUOTA]	= &obj_ops_quota,
 	[NFT_OBJECT_CT_HELPER]	= &obj_ops_ct_helper,
-- 
1.8.3.1